🔒 Your BMS controllers are connected. Your maintenance technician accesses them remotely.
The question: could someone else access them too?
The IEC 62443 standard addresses this: network segmentation, device authentication, access logging, scheduled updates.
And the pressure is rising.
The Cyber Resilience Act (CRA) comes into force on 11 December 2027: all connected products will need to comply, with security updates guaranteed for a minimum of 5 years. The BMS equipment chosen today already needs to anticipate this.
The good news: IEC 62443 already covers most of the CRA’s requirements.
🔗 To learn more about the standard: Phoenix Contact
A closed proprietary system cannot be audited. Its updates depend on the manufacturer. Vendor lock-in is also a security risk.
That’s why at Workswell, we build these requirements in from the earliest SIA phases:
- specifications,
- choice of open protocols (BACnet, KNX, OPC UA),
- network architecture, equipment selection with a documented security policy.
Several project owners already trust us for this. Your project deserves the same scrutiny.
→ info@workswell.ch | workswell.ch
Cybersecurity #BMS #MCR #IEC62443 #CyberResilienceAct #SmartBuilding #Independent
